# This controller handles the login/logout function of the site.  
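class SessionsController < ApplicationController

  # Renders the login form (implicit render of the `new` template).
  def new
  end

  # Authenticates the submitted credentials and, on success, signs the member in.
  #
  # Reads params[:login], params[:password] and params[:remember_me].
  # On success: optionally issues a persistent auth_token cookie, sets a
  # welcome flash and redirects to the member's page.
  # On failure: re-renders the login form.
  def create
    authenticated = Member.authenticate(params[:login], params[:password])

    # Session fixation defence: issue a fresh session before binding it to an
    # authenticated identity, so a session id known to anyone before login
    # is not carried into the logged-in state. Side effect: anything stored
    # in the pre-login session (including the request-forgery token, if this
    # app uses one) is discarded.
    reset_session if authenticated

    self.current_member = authenticated
    if logged_in?
      member = self.current_member
      if params[:remember_me] == "1"
        member.remember_me
        # NOTE(review): this cookie is a long-lived login credential and is set
        # without the HttpOnly or Secure attributes. Consider enabling both if
        # the Rails version in use supports them and the site is served over
        # HTTPS only -- confirm against the deployment before changing.
        cookies[:auth_token] = { :value => member.remember_token , :expires => member.remember_token_expires_at }
      end
      flash[:success] = "Welcome back, #{member.login}!"
      redirect_to member_path(member)
    else
      # NOTE(review): a failed attempt sets no flash message and is not logged
      # by this action. Whether attempts are throttled or audited elsewhere
      # (Member.authenticate, a filter) is not visible here -- verify.
      render :action => 'new'
    end
  end

  # Logs the current member out: invalidates the server-side remember token
  # (when logged in), removes the auth_token cookie, resets the session, and
  # redirects with a confirmation flash.
  def destroy
    self.current_member.forget_me if logged_in?
    cookies.delete :auth_token
    reset_session
    # Flash is written after reset_session so it lands in the fresh session.
    flash[:success] = "You have been logged out."
    redirect_back_or_default('/')
  end
end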
